[Emacs-diffs] trunk r116838: Do not read uninitialized memory in conv

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] trunk r116838: Do not read uninitialized memory in conv_so

From:	Daniel Colascione
Subject:	[Emacs-diffs] trunk r116838: Do not read uninitialized memory in conv_sockaddr_to_lisp
Date:	Sat, 22 Mar 2014 03:05:14 +0000
User-agent:	Bazaar (2.6b2)

------------------------------------------------------------
revno: 116838 [merge]
revision-id: address@hidden
parent: address@hidden
parent: address@hidden
committer: Daniel Colascione <address@hidden>
branch nick: trunk
timestamp: Fri 2014-03-21 20:04:53 -0700
message:
  Do not read uninitialized memory in conv_sockaddr_to_lisp
modified:
  src/ChangeLog                  changelog-20091113204419-o5vbwnq5f7feedwu-1438
  src/process.c                  process.c-20091113204419-o5vbwnq5f7feedwu-462

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2014-03-21 19:04:57 +0000
+++ b/src/ChangeLog     2014-03-22 03:04:53 +0000
@@ -1,3 +1,9 @@
+2014-03-22  Daniel Colascione  <address@hidden>
+
+       * process.c (conv_sockaddr_to_lisp): When extracting the string
+       names of AF_LOCAL sockets, stop before reading uninitialized
+       memory.
+
 2014-03-21  YAMAMOTO Mitsuharu  <address@hidden>
 
        Fix regression introduced by patch for Bug#10500.

=== modified file 'src/process.c'
--- a/src/process.c     2014-02-22 21:08:22 +0000
+++ b/src/process.c     2014-03-22 03:04:24 +0000
@@ -2010,10 +2010,22 @@
     case AF_LOCAL:
       {
        struct sockaddr_un *sockun = (struct sockaddr_un *) sa;
-       for (i = 0; i < sizeof (sockun->sun_path); i++)
-         if (sockun->sun_path[i] == 0)
-           break;
-       return make_unibyte_string (sockun->sun_path, i);
+        ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);
+        /* If the first byte is NUL, the name is a Linux abstract
+           socket name, and the name can contain embedded NULs.  If
+           it's not, we have a NUL-terminated string.  Be careful not
+           to walk past the end of the object looking for the name
+           terminator, however.  */
+        if (name_length > 0 && sockun->sun_path[0] != '\0')
+          {
+            const char* terminator =
+              memchr (sockun->sun_path, '\0', name_length);
+
+            if (terminator)
+              name_length = terminator - (const char*) sockun->sun_path;
+          }
+
+       return make_unibyte_string (sockun->sun_path, name_length);
       }
 #endif
     default:

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] trunk r116838: Do not read uninitialized memory in conv_sockaddr_to_lisp, Daniel Colascione <=

Prev by Date: [Emacs-diffs] emacs-24 r116826: lisp/w32-common-fns.el (x-selection-owner-p): Get documentation from DOC.
Next by Date: [Emacs-diffs] trunk r116839: * help.el (temp-buffer-setup-hook): Remove help-mode-setup.
Previous by thread: [Emacs-diffs] emacs-24 r116826: lisp/w32-common-fns.el (x-selection-owner-p): Get documentation from DOC.
Next by thread: [Emacs-diffs] trunk r116839: * help.el (temp-buffer-setup-hook): Remove help-mode-setup.
Index(es):
- Date
- Thread